Checklist: Manage Group Memberships

To control access to directory data, Active Directory Lightweight Directory Services (AD LDS) relies on permissions that are granted to users and groups. AD LDS supports the simultaneous use of both Windows users and AD LDS users as members of AD LDS groups. AD LDS provides four default role-based groups. You can create additional AD LDS groups as necessary. To create AD LDS users, you must first import the user object class definitions that are provided with AD LDS, or you can supply your own user object definitions.